keychain/ckks/tests/CloudKitKeychainSyncingMockXCTest.h

   1 /*
   2  * Copyright (c) 2017 Apple Inc. All Rights Reserved.
   3  *
   4  * @APPLE_LICENSE_HEADER_START@
   5  *
   6  * This file contains Original Code and/or Modifications of Original Code
   7  * as defined in and that are subject to the Apple Public Source License
   8  * Version 2.0 (the 'License'). You may not use this file except in
   9  * compliance with the License. Please obtain a copy of the License at
  10  * http://www.opensource.apple.com/apsl/ and read it before using this
  11  * file.
  12  *
  13  * The Original Code and all software distributed under the License are
  14  * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
  15  * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
  16  * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
  17  * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
  18  * Please see the License for the specific language governing rights and
  19  * limitations under the License.
  20  *
  21  * @APPLE_LICENSE_HEADER_END@
  22  */
  23
  24 #if OCTAGON
  25
  26 #import "CloudKitMockXCTest.h"
  27 #import "keychain/ckks/CKKS.h"
  28 #import "keychain/ckks/CKKSControl.h"
  29 #import "keychain/ckks/CKKSCurrentKeyPointer.h"
  30 #import "keychain/ckks/CKKSItem.h"
  31
  32 NS_ASSUME_NONNULL_BEGIN
  33
  34 @class CKKSKey;
  35 @class CKKSCurrentKeyPointer;
  36
  37 @interface ZoneKeys : CKKSCurrentKeySet
  38 @property CKKSKey* rolledTLK;
  39
  40 - (instancetype)initLoadingRecordsFromZone:(FakeCKZone*)zone;
  41 @end
  42
  43 /*
  44  * Builds on the CloudKit mock infrastructure and adds keychain helper methods.
  45  */
  46
  47 @interface CloudKitKeychainSyncingMockXCTest : CloudKitMockXCTest
  48
  49 @property CKKSControl* ckksControl;
  50
  51 @property (nullable) id mockCKKSKey;
  52
  53 @property (nullable) CKKSSOSSelfPeer* currentSelfPeer;
  54 @property (nullable) NSError* currentSelfPeerError;
  55 @property (nullable) NSMutableSet<id<CKKSPeer>>* currentPeers;
  56 @property (nullable) NSError* currentPeersError;
  57
  58 @property (nullable) NSError* keychainFetchError;
  59
  60 // A single trusted SOSPeer, but without any CKKS keys
  61 @property CKKSSOSPeer* remoteSOSOnlyPeer;
  62
  63 @property NSMutableSet<CKKSKeychainView*>* ckksViews;
  64 @property NSMutableSet<CKRecordZoneID*>* ckksZones;
  65 @property (nullable) NSMutableDictionary<CKRecordZoneID*, ZoneKeys*>* keys;
  66
  67 // Pass in an oldTLK to wrap it to the new TLK; otherwise, pass nil
  68 - (ZoneKeys*)createFakeKeyHierarchy:(CKRecordZoneID*)zoneID oldTLK:(CKKSKey* _Nullable)oldTLK;
  69 - (void)saveFakeKeyHierarchyToLocalDatabase:(CKRecordZoneID*)zoneID;
  70 - (void)putFakeKeyHierarchyInCloudKit:(CKRecordZoneID*)zoneID;
  71 - (void)saveTLKMaterialToKeychain:(CKRecordZoneID*)zoneID;
  72 - (void)deleteTLKMaterialFromKeychain:(CKRecordZoneID*)zoneID;
  73 - (void)saveTLKMaterialToKeychainSimulatingSOS:(CKRecordZoneID*)zoneID;
  74 - (void)putFakeDeviceStatusInCloudKit:(CKRecordZoneID*)zoneID;
  75 - (void)putFakeDeviceStatusInCloudKit:(CKRecordZoneID*)zoneID
  76                              zonekeys:(ZoneKeys*)zonekeys;
  77
  78 - (void)putFakeOctagonOnlyDeviceStatusInCloudKit:(CKRecordZoneID*)zoneID zonekeys:(ZoneKeys*)zonekeys;
  79 - (void)putFakeOctagonOnlyDeviceStatusInCloudKit:(CKRecordZoneID*)zoneID;
  80
  81 - (void)SOSPiggyBackAddToKeychain:(NSDictionary*)piggydata;
  82 - (NSMutableDictionary*)SOSPiggyBackCopyFromKeychain;
  83 - (NSMutableArray<NSData*>*)SOSPiggyICloudIdentities;
  84
  85 - (void)putTLKShareInCloudKit:(CKKSKey*)key
  86                          from:(CKKSSOSSelfPeer*)sharingPeer
  87                            to:(id<CKKSPeer>)receivingPeer
  88                        zoneID:(CKRecordZoneID*)zoneID;
  89 - (void)putTLKSharesInCloudKit:(CKKSKey*)key from:(CKKSSOSSelfPeer*)sharingPeer zoneID:(CKRecordZoneID*)zoneID;
  90 - (void)putSelfTLKSharesInCloudKit:(CKRecordZoneID*)zoneID;
  91 - (void)saveTLKSharesInLocalDatabase:(CKRecordZoneID*)zoneID;
  92
  93 - (void)saveClassKeyMaterialToKeychain:(CKRecordZoneID*)zoneID;
  94
  95 // Call this to fake out your test: all keys are created, saved in cloudkit, and saved locally (as if the key state machine had processed them)
  96 - (void)createAndSaveFakeKeyHierarchy:(CKRecordZoneID*)zoneID;
  97
  98 - (void)rollFakeKeyHierarchyInCloudKit:(CKRecordZoneID*)zoneID;
  99
 100 - (NSDictionary*)fakeRecordDictionary:(NSString* _Nullable)account zoneID:(CKRecordZoneID*)zoneID;
 101 - (CKRecord*)createFakeRecord:(CKRecordZoneID*)zoneID recordName:(NSString*)recordName;
 102 - (CKRecord*)createFakeRecord:(CKRecordZoneID*)zoneID recordName:(NSString*)recordName withAccount:(NSString* _Nullable)account;
 103 - (CKRecord*)createFakeRecord:(CKRecordZoneID*)zoneID
 104                    recordName:(NSString*)recordName
 105                   withAccount:(NSString* _Nullable)account
 106                           key:(CKKSKey* _Nullable)key;
 107
 108 - (CKKSItem*)newItem:(CKRecordID*)recordID withNewItemData:(NSDictionary*) dictionary key:(CKKSKey*)key;
 109 - (CKRecord*)newRecord:(CKRecordID*)recordID withNewItemData:(NSDictionary*)dictionary;
 110 - (CKRecord*)newRecord:(CKRecordID*)recordID withNewItemData:(NSDictionary*)dictionary key:(CKKSKey*)key;
 111 - (NSDictionary*)decryptRecord:(CKRecord*)record;
 112
 113 // Do keychain things:
 114 - (void)addGenericPassword:(NSString*)password account:(NSString*)account;
 115 - (void)addGenericPassword:(NSString*)password account:(NSString*)account viewHint:(NSString* _Nullable)viewHint;
 116 - (void)addGenericPassword:(NSString*)password
 117                    account:(NSString*)account
 118                   viewHint:(NSString* _Nullable)viewHint
 119                     access:(NSString*)access
 120                  expecting:(OSStatus)status
 121                    message:(NSString*)message;
 122 - (void)addGenericPassword:(NSString*)password account:(NSString*)account expecting:(OSStatus)status message:(NSString*)message;
 123
 124 - (void)updateGenericPassword:(NSString*)newPassword account:(NSString*)account;
 125 - (void)updateAccountOfGenericPassword:(NSString*)newAccount account:(NSString*)account;
 126
 127 - (void)checkNoCKKSData:(CKKSKeychainView*)view;
 128
 129 - (void)deleteGenericPassword:(NSString*)account;
 130
 131 - (void)findGenericPassword:(NSString*)account expecting:(OSStatus)status;
 132 - (void)checkGenericPassword:(NSString*)password account:(NSString*)account;
 133
 134 - (void)createClassCItemAndWaitForUpload:(CKRecordZoneID*)zoneID account:(NSString*)account;
 135 - (void)createClassAItemAndWaitForUpload:(CKRecordZoneID*)zoneID account:(NSString*)account;
 136
 137 // Pass the blocks created with these to expectCKModifyItemRecords to check if all items were encrypted with a particular class key
 138 - (BOOL (^)(CKRecord*))checkClassABlock:(CKRecordZoneID*)zoneID message:(NSString*)message;
 139 - (BOOL (^)(CKRecord*))checkClassCBlock:(CKRecordZoneID*)zoneID message:(NSString*)message;
 140
 141 - (BOOL (^)(CKRecord*))checkPasswordBlock:(CKRecordZoneID*)zoneID account:(NSString*)account password:(NSString*)password;
 142
 143 - (void)checkNSyncableTLKsInKeychain:(size_t)n;
 144
 145 // Returns an expectation that someone will send an NSNotification that this view changed
 146 - (XCTestExpectation*)expectChangeForView:(NSString*)view;
 147
 148 // Establish an assertion that CKKS will cause a server extension error soon.
 149 - (void)expectCKReceiveSyncKeyHierarchyError:(CKRecordZoneID*)zoneID;
 150
 151 // Add expectations that CKKS will upload a single TLK share
 152 - (void)expectCKKSTLKSelfShareUpload:(CKRecordZoneID*)zoneID;
 153 @end
 154
 155 NS_ASSUME_NONNULL_END
 156
 157 #endif /* OCTAGON */